Trustworthy Refinement Through Intrusion-Aware Design

Abstract

High confidence in a system's survivability requires an accurate understanding of the system's threat environment and the impact of that environment on system operations. Unfortunately, existing development methods for secure and survivable information systems often have a patchwork approach in which the focus is on deciding which popular security components to integrate rather than making a rational assessment of how to address the attacks that are likely to compromise the overall mission. This report proposes an intrusion-aware design model called trustworthy refinement through intrusion-aware design (TRIAD). TRIAD enables information system engineers to use known and hypothesized attack patterns to iteratively improve and continually maintain system survivability, even as the system and threat environment evolve over time.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Oct 01, 2002
Accession Number
ADA407784

Entities

People

  • Andrew P. Moore
  • Robert J. Ellison

Organizations

  • Carnegie Mellon University

Tags

Communities of Interest

  • Cyber
  • Engineered Resilient Systems
  • Ground and Sea Platforms
  • Space

DTIC Thesaurus Topics

  • Computer Access Control
  • Computers
  • Cybersecurity
  • Databases
  • Detection
  • Engineers
  • Information Security
  • Information Systems
  • Intrusion
  • Intrusion Detection
  • Personnel Management
  • Risk
  • Risk Analysis
  • Security
  • Software Design
  • Software Development
  • Spiral Development

Fields of Study

  • Computer science

Readers

  • Military Science and Technology Research and Modernization.
  • Systems Analysis and Design
  • Team-Based Human-Centered Cognitive Task Decision Making and Information Performance.